| Holger Hans Peter Freyther | 629f94e | 2010-10-20 16:56:46 +0200 | [diff] [blame] | 1 | -- Split trace based on SCCP Source |
| 2 | do |
| 3 | local function init_listener() |
| 4 | print("CREATED LISTENER") |
| Holger Hans Peter Freyther | f62d31f | 2010-10-20 18:57:17 +0200 | [diff] [blame] | 5 | local tap = Listener.new("ip", "sccp && (ip.src == 172.16.1.81 || ip.dst == 172.16.1.81)") |
| Holger Hans Peter Freyther | 629f94e | 2010-10-20 16:56:46 +0200 | [diff] [blame] | 6 | local sccp_type_field = Field.new("sccp.message_type") |
| 7 | local sccp_src_field = Field.new("sccp.slr") |
| 8 | local sccp_dst_field = Field.new("sccp.dlr") |
| 9 | local msg_type_field = Field.new("gsm_a.dtap_msg_mm_type") |
| 10 | local lu_rej_field = Field.new("gsm_a.dtap.rej_cause") |
| 11 | local ip_src_field = Field.new("ip.src") |
| 12 | local ip_dst_field = Field.new("ip.dst") |
| 13 | |
| Holger Hans Peter Freyther | 8d4696f | 2010-10-20 18:58:12 +0200 | [diff] [blame] | 14 | -- |
| 15 | local bssmap_msgtype_field = Field.new("gsm_a.bssmap_msgtype") |
| 16 | -- assignment failure 0x03 |
| 17 | -- |
| 18 | |
| 19 | -- |
| 20 | local dtap_cause_field = Field.new("gsm_a_dtap.cause") |
| 21 | local dtap_cc_field = Field.new("gsm_a.dtap_msg_cc_type") |
| 22 | |
| Holger Hans Peter Freyther | 629f94e | 2010-10-20 16:56:46 +0200 | [diff] [blame] | 23 | local connections = {} |
| 24 | |
| 25 | function check_failure(con) |
| Holger Hans Peter Freyther | 8d4696f | 2010-10-20 18:58:12 +0200 | [diff] [blame] | 26 | check_lu_reject(con) |
| 27 | check_disconnect(con) |
| Holger Hans Peter Freyther | 33e4281 | 2010-10-20 19:06:50 +0200 | [diff] [blame^] | 28 | check_ass_failure(con) |
| 29 | end |
| 30 | |
| 31 | -- check assignment failures |
| 32 | function check_ass_failure(con) |
| 33 | local msgtype = bssmap_msgtype_field() |
| 34 | if not msgtype then |
| 35 | return |
| 36 | end |
| 37 | |
| 38 | if tonumber(msgtype) == 0x03 then |
| 39 | con[4] = true |
| 40 | end |
| Holger Hans Peter Freyther | 8d4696f | 2010-10-20 18:58:12 +0200 | [diff] [blame] | 41 | end |
| 42 | |
| 43 | -- check if a DISCONNECT is normal |
| 44 | function check_disconnect(con) |
| 45 | local msg_type = dtap_cc_field() |
| 46 | if not msg_type then |
| 47 | return |
| 48 | end |
| 49 | |
| 50 | if tonumber(msg_type) ~= 0x25 then |
| 51 | return |
| 52 | end |
| 53 | |
| 54 | local cause = dtap_cause_field() |
| 55 | if not cause then |
| 56 | return |
| 57 | end |
| 58 | |
| 59 | cause = tonumber(cause) |
| 60 | if cause ~= 0x10 then |
| 61 | print("DISCONNECT != Normal") |
| 62 | con[4] = true |
| 63 | end |
| 64 | end |
| 65 | |
| 66 | -- check if we have a LU Reject |
| 67 | function check_lu_reject(con) |
| Holger Hans Peter Freyther | 629f94e | 2010-10-20 16:56:46 +0200 | [diff] [blame] | 68 | local msg_type = msg_type_field() |
| 69 | if not msg_type then |
| 70 | return |
| 71 | end |
| 72 | |
| 73 | msg_type = tonumber(tostring(msg_type)) |
| 74 | if msg_type == 0x04 then |
| 75 | print("LU REJECT with " .. tostring(lu_rej_field())) |
| 76 | con[4] = true |
| 77 | end |
| 78 | end |
| 79 | |
| 80 | function tap.packet(pinfo,tvb,ip) |
| 81 | local ip_src = tostring(ip_src_field()) |
| 82 | local ip_dst = tostring(ip_dst_field()) |
| 83 | local sccp_type = tonumber(tostring(sccp_type_field())) |
| 84 | local sccp_src = sccp_src_field() |
| 85 | local sccp_dst = sccp_dst_field() |
| 86 | |
| 87 | local con |
| 88 | |
| 89 | if sccp_type == 0x01 then |
| 90 | elseif sccp_type == 0x2 then |
| 91 | local src = string.format("%s-%s", ip_src, tostring(sccp_src)) |
| 92 | local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) |
| 93 | local datestring = os.date("%Y%m%d%H%M%S") |
| 94 | local pcap_name = string.format("alink_trace_%s-%s_%s.pcap", src, dst, datestring) |
| 95 | local dumper = Dumper.new_for_current(pcap_name) |
| 96 | |
| 97 | local con = { ip_src, tostring(sccp_src), tostring(sccp_dst), false, dumper, pcap_name } |
| 98 | |
| 99 | dumper:dump_current() |
| 100 | connections[src] = con |
| 101 | connections[dst] = con |
| 102 | elseif sccp_type == 0x4 then |
| 103 | -- close a connection... remove it from the list |
| 104 | local src = string.format("%s-%s", ip_src, tostring(sccp_src)) |
| 105 | local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) |
| 106 | |
| 107 | local con = connections[src] |
| 108 | if not con then |
| 109 | return |
| 110 | end |
| 111 | |
| 112 | con[5]:dump_current() |
| 113 | con[5]:flush() |
| 114 | |
| 115 | -- this causes a crash on unpacted wireshark |
| 116 | con[5]:close() |
| 117 | |
| 118 | -- the connection had a failure |
| 119 | if con[4] == true then |
| 120 | local datestring = os.date("%Y%m%d%H%M%S") |
| 121 | local new_name = string.format("alink_failure_%s_%s-%s.pcap", datestring, con[2], con[3]) |
| 122 | os.rename(con[6], new_name) |
| 123 | else |
| 124 | os.remove(con[6]) |
| 125 | end |
| 126 | |
| 127 | |
| 128 | -- clear the old connection |
| 129 | connections[src] = nil |
| 130 | connections[dst] = nil |
| 131 | |
| 132 | elseif sccp_type == 0x5 then |
| 133 | -- not handled yet... we should verify stuff here... |
| 134 | local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) |
| 135 | local con = connections[dst] |
| 136 | if not con then |
| 137 | return |
| 138 | end |
| 139 | con[5]:dump_current() |
| 140 | elseif sccp_type == 0x6 then |
| 141 | local dst = string.format("%s-%s", ip_dst, tostring(sccp_dst)) |
| 142 | local con = connections[dst] |
| 143 | if not con then |
| 144 | print("DON'T KNOW THIS CONNECTION for " .. ip_dst) |
| 145 | return |
| 146 | end |
| 147 | con[5]:dump_current() |
| 148 | check_failure(con) |
| 149 | end |
| 150 | |
| 151 | end |
| 152 | function tap.draw() |
| 153 | print("DRAW") |
| 154 | end |
| 155 | function tap.reset() |
| 156 | print("RESET") |
| 157 | end |
| 158 | end |
| 159 | |
| 160 | init_listener() |
| 161 | end |